SAP Patches Internet Communication Manager Advanced Desync (I

SAP Patches Internet Communication Manager Advanced Desync (ICMAD) Vulnerabilities (CVE-2022-22536)

On February 8, SAP disclosed several vulnerabilities in the Internet Communication Manager (ICM), a critical component of its NetWeaver Application Servers in coordination with security researchers at Onapsis who discovered the flaws. The Cybersecurity and Infrastructure Security Agency has also issued an alert about these vulnerabilities, stating that exploitation could result in disrupted operations, data theft, fraud and ransomware attacks.

According to the Onapsis Threat Report, the vulnerable ICM component is “present in most SAP products and is a critical part of the overall SAP technology stack,” making these vulnerabilities a major concern for enterprises that deploy SAP products. Organizations are urged to patch immediately.

For more information about the vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.

Vulnerability Watch

Forum Discussion

SAP Patches Internet Communication Manager Advanced Desync (I

Recent Discussions

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild

CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited

Microsoft Patch Tuesday 2025 Year in Review

Americas

Europe

Asia / Australia